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DETAILED ACTION 

Status of Claims 

1. This action is in reply to the US Application filed on 12/05/2003. 

2. Claims 1-19 are currently pending and have been examined. 

Information Disclosure Statement 

3. The Information Disclosure Statement submitted on 2/2/2005 has been 
considered. An initialed copy of Form 1449 is enclosed herewith. 

Drawings 

4. The drawings are objected to because: 

• The item numbers must be typewritten and legible in compliance with 37 CFR 
1.121(d) 

• New corrected drawings in compliance with 37 CFR 1.121(d) are required in this 
application because of hand drawing-figures 1-3. 

5. Applicant is advised to employ the services of a competent patent draftsperson 
outside the Office, as the U.S. Patent and Trademark Office no longer prepares new 
drawings. Any amended replacement-drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. The figure or figure number of an amended drawing should not be labeled as 
"amended." If a drawing figure is to be canceled, the appropriate figure must be 
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removed from the replacement sheet, and where necessary, the remaining figures must 
be renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be necessary 
to show the renumbering of the remaining figures. Each drawing sheet submitted after 
the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held 
in abeyance. 

Specification 

6. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and 
process of making and using it, in such full, clear, concise, and exact terms as to enable any 
person skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and use the same and shall set forth the best mode contemplated by the inventor of carrying 
out his invention. 

7. Claim 1 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with 
the enablement requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to enable one skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and/or use the invention. 

As per claim 1 : 

With regard to the limitations of a security component for determining whether an 
externally generated access key is the same as an internally generated access key; and 
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a bypass component for enabling a data access operation by an external device without 
reference to Decade4 table parameters, neither the security component nor the bypass 
component are described in any detail that reveals how they are implemented. The 
security component involves no description on how an externally generated key can 
match an internally generated key. The bypass component involves no description on 
how the Deacade4 tables are bypassed nor how MFG Procedure of Figure 3 responds 
to a Request for Security Key. 

Claim Rejections - 35 USC § 101 

8. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

9. The claimed invention is directed to non-statutory subject matter. Claims 13 thru 
17 are rejected under 35 U.S.C 101 as not providing a useful, concrete or tangible 
result. 

As per claim 13: 

With regard to the limitations of receiving, generating and comparing produce no 
useful, concrete, or tangible result. Furthermore, the limitation of Enables a single data 
access operation by an external device, produces no useful, concrete, or tangible result, 
since enabling does actually make or insure that a repeatable data access operation 
occurs. 
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As per claim 14: 

With regard to the limitations of arithmetically combining variable data with data 
associated with a utility meter to generate the security key produces no useful, 
concrete, or tangible result. 

As per claim 15: 

With regard to the limitation of augmenting the security key before generating the 
access key produces no useful, concrete, or tangible result. The term augmenting is 
also vague and indefinite. 
As per claim 16: 

Monitoring for a data access operation by an external device in response to the 
comparison of the access keys being the same, produces no useful, concrete, or 
tangible result. 

As per claim 17: 

Timing a data access interval; and resuming security processing with reference 
to security tables in response to the data access interval time expiring produces no 
useful, concrete, or tangible result. 

Claim Rejections - 35 USC § 112 Second Paragraph 

10. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

, The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter, which the applicant regards as his invention. 
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11. Claim 1 is not defined by the claim, the specification does not provide a standard 
for ascertaining the requisite degree, and one of ordinary skill in the art would not be 
reasonably apprised of the scope of the invention. 

Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 1-19 are rejected under U.S.C. 103(a) as being unpatentable over 
Hoffman et al, US Patent No. 5, 715, 390 in view of Matyas et al, US Patent No. 
4,918,728, and further in view of the applicant's own admission. 

Examiner's Note: The Examiner has pointed out particular references contained in the prior art of record 
within the body of this action for the convenience of the Applicant. Although the specified citations are 
representative of the teachings in the art and are applied to the specific limitations within the individual claim, 
other passages and figures may apply. Applicant, in preparing the response, should consider fully the entire 
reference as potentially teaching all or part of the claimed invention, as well as the context of the passage as 
taught by the prior art or disclosed by the Examiner. 

As per claim 1: 

With regard to the limitations of a security component for determining whether an 
externally generated access key is the same as an internally generated access key, 
Hoffman explicitly teaches: "The upgrade software program then processes the read 
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secret software key and the read unique serial number of the meter with the stored 
authentication algorithm to generate at least one password. The password along with an 
upgrade command are presented to the meter where they are compared to the read- 
protected passwords in the RAM of the meter, and, if there is a match, then the upgrade 
command initiates the ROM codes for implementing one or more stored options or 
upgrades." (Hoffman, column 2, lines 54-62). 

The referenced password generated above from the secret software key is 
externally generated and is equivalent to the "externally generated access 
key". The read-protected password above is equivalent to the "internally 
generated access key" to one skilled in the art at the time of the invention. 
With regard to the limitations of a bypass component for enabling a data access 
operation by an external device without reference to Decade4 table parameters, 
Hoffman explicitly teaches: "The upgrade command identifying the desired option or 
upgrade is programmed into the upgrade software program" (Hoffman, column 2, line 
63-65). 

The upgrade software program above sends a command identifying the 
desired option, which enables a data access operation for upgrading the 
meter through an external device (Hoffman, column 2, lines 62-64). 
With regard to the limitations of a utility meter incorporating ANSI C12. 19 data 
structures, Applicant admits in the Background of Invention, the admission of prior art 
concerning the ANSI C12.19 standard for programmable meters: "In 1997, ANSI 
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promulgated its C12.19 standard to provide interoperability for programmable meters." 
(Girsham, paragraph 4). 

Although Hoffman describes a system in terms of security features, it does not 
explicitly describe a system to bypass security. 

With regard to without reference to Decade4 table parameters, Maytas teaches; 
"Protection From Non-System Generated Keys. The method for coupling the control 
vector and key is such that CV checking is unable to detect a system generated key (via 
KGEN or GKS) from a non-system generated key. For this reason, a "back-door" 
method exists within the architecture for generating a keys and control vectors: It 
consists of defining a control vector "of choice" and a random number which is then 
represented as a key encrypted in the manner described under the architecture using 
the selected control vector. The so-called "back-door" method of key generation is 
primarily an annoyance, although in some cases cryptographic attacks , would be 
possible if additional measures of defense were not taken in the architecture" (Matyas, 
column 1 5, lines 1 8-27 and 31 -34). 

The Deacde4 table parameters are the security limiting tables, which are part of 
the ANSI C1 2.1 9 standard where access permissions are used to limit table read or 
write access, although the exact means for granting access are not defined by the 
standard. The present invention involves a back-door or bypass method that goes 
around the ANSI C12.19 security features. Back-door or bypass security methods are 
well known in the art as exemplified by Maytas, which in this case, control vector 
checking is unable to detect a system generated key from a non-system generated key, 
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much like what is being done in the current application. In light of Maytas, it would have 
been obvious to one of ordinary skill in the art at the time of the invention to incorporate 
such a bypass of security features. 

As per claim 2: 

With regard to the limitations of a security component further comprising: a 
security key generator for generating a security key, Hoffman explicitly teaches "an 
upgrade software program that reads the serial number from the RAM in the meter and 
reads the secret software key from the hardware key. The upgrade software program 
then processes the read secret software key and the read unique serial number of the 
meter with the stored authentication algorithm to generate at least one password" 
(Hoffman, column 4, lines 52-57). 

The password generated above by the upgrade software program is equivalent 
to the "security key generator" to one skilled in the art at the time of the invention. 

As per claim 3: 

With regard to the limitations of the security key generator generates the security 
key from variable data and data associated with the meter, Hoffman explicitly teaches: 
"The upgrade software program reads the serial number from the RAM in the meter and 
reads the secret software key from the hardware key. The upgrade software program 
then processes the read secret software key and the read unique serial number of the 
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meter with the stored authentication algorithm to generate at least one password" 
(Hoffman, column 2, lines 52-57). 

"More specifically, the software key is a counter, which is decremented each time 
an upgrade is downloaded to a meter, so that only the number of upgrades purchased 
can be enabled. The hardware key is a storage medium for the software key described 
above" (Hoffman, column 1, lines 41-46). 

The password generated above consists of data associated with the meter, the 
meter's serial number and the software key being a counter, constitutes variable data. 

As per claim 4: 

With regard to the limitations of the security key generator arithmetically 
combines the variable data and the data associated with the meter to generate the 
security key, Hoffman explicitly teaches: 

"The upgrade software program that reads the serial number from the RAM in 
the meter and reads the secret software key from the hardware key. The upgrade 
software program then processes the read secret software key and the read unique 
serial number of the meter with the stored authentication algorithm to generate at least 
one password" (Hoffman, column 2, lines 52-57). 

"The following described authentication algorithm accepts: 

(1) the sixteen byte secret and protected keying variable; 

(2) the sixteen byte meter serial number; and 

(3) the one byte option code; 
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and returns a 4 byte authentication password." 

"In accordance with the authentication algorithm of the present invention, an 
array of 33 bytes, B(i,j), is defined where i v 1 £ I £ 33, is the byte number and, j, 0 ^ j 

^ 7, specifies the bits within byte i. The least significant bit (LSB) is specified by j=0; 

and the most significant bit (MSB) is specified by j=7" (Hoffman, column 5, lines 7- 18). 

The references above show arithmetically combining variable data, the software 
key and the data associated with the meter, the meter's serial number, through the use 
of the authentication algorithm, which is equivalent to the "security kef to one skilled in 
the art at the time of the invention. 

As per claim 5: 

With regard to the limitations of a security component further comprising: an 
access key generator for generating an access key from the security key, Hoffman 
explicitly teaches: The password is generated by processing a software key and a 
serial number of the meter with an authentication program by a processor external to 
the meter." (Hoffman, column 5, lines 47- 50). 

"The described authentication algorithm returns a 4 byte authentication 
password" (Hoffman, column 4, lines 7- 12). 

As per claim 6: 

With regard to the limitations of the access key generator augments the security 
key before generating the access key, Hoffman explicitly teaches: "The 4 byte password 
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resulting from the cycling of initialized array B (FIG. 3), as described above, is shown in 
FIG. 4. A 4 byte password resulting from the cycling of initialized array B (FIG. 3), with 
the exception of the option byte being set to the value 2 instead of 1 , is shown in FIG. 5. 
It will be appreciated that the change in the option status has resulted in a significant 
change in the password. This is also the case for a small change in the serial number or 
the key." (Hoffman, column 5, lines 65-68 and column 6, lines 3-6). 

The references above clearly shows that the authentication algorithm has 
augmented the security of the system, since any small change in the input to the 
algorithm results in a significant change in the resulting password. 

As per claim 7: 

With regard to the limitations of the security component further comprising: An 
access key comparator for comparing the access key generated by the access key 
generator to an access key received from an external device, Hoffman explicitly 
teaches: "The password along with an upgrade command are presented to the meter 
where the password presented is compared to the read-protected password in the RAM 
of the meter in step 80, and, if there is a match, then the upgrade command initiates the 
ROM codes for implementing one or more stored options or upgrades in step 81." 
(Hoffman, column 4, lines 57-63). 



As per claim 8: 
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With regard to the limitations of a data access monitor for monitoring data access 
operations performed by the external device and resetting the access key comparator in 
response to a data access being performed by the external device. Hoffman explicitly 
teaches: "In accordance with the present invention, ROM includes codes for 
implementing one or more stored options or upgrades. It will be appreciated that these 
options or upgrades are stored in the meter at the factory and can be utilized only when 
purchased and enabled as described herein. Each meter has a unique serial number 
stored in RAM. In the present example, the serial number is 16 bytes long and includes 
bit-flags (i.e., an option byte) indicating which options have already been enabled. Each 
option which is not enabled must be requested and a password verified before it can be 
utilized. It is an important feature of the present invention that the password be based 
on the serial number, so that the same password cannot simply be recorded and played 
back to another meter. Further, the password cannot be used to upgrade more than the 
option(s) selected (and purchased) " (Hoffman, column 2 lines 16-29). 

"The upgrade command initiates the ROM codes for implementing one or more 
stored options or upgrades in step 81. The upgrade command identifying the desired 
option or upgrade is programmed into the upgrade software program." (Hoffman, 
column 4, lines 61-65). 

"After 330 cycles, the contents of bytes B30, B31, B32, and B33 are defined to 
be the password corresponding to the specific key, meter serial number, and option. 
The authentication algorithm being known will not in of itself allow recovery of the secret 
key. Further, if a single bit is changed in the serial number, the option byte, or the key, 
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then the authentication password will change in a difficult to predict fashion" (Hoffman, 
column 5, lines 46-54). 

"It will be appreciated that the change in the option status has resulted in a 
significant change in the password. This is also the case for a small change in the serial 
number or the key" (Hoffman, column 6, lines 3-6). 

It is clear from the references above that the upgrade command and the counter 
function as a data access monitor since each option which is not enabled must be 
requested and a password verified before it can be utilized. The authentication 
algorithm referenced above functions as the reset mechanism since it prevents further 
upgrades through a significant change in the password should any small change occur 
in the option status, key, or serial number of the meter. A change in this externally 
generated password would not match the meter's internally generated password 
preventing further data access to the meter, functioning as reset of the access key 
comparator of the current invention. 

As per claim 9: 

With regard to the limitations of a unlock timer for timing an interval 
corresponding to a data access operation and for resetting the access key comparator 
in response to a data access being performed by the external device. Hoffman explicitly 
teaches: "The counter is decremented each time an upgrade is downloaded to a meter, 
so that only the number of upgrades purchased can be enabled" (Hoffman, column 4, 
lines 65-67). 
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The counter above functions as an unlock timer providing limited data access for 
a period based on the number of upgrades purchased that can be enabled. As 
mentioned above, the authentication algorithm functions as the reset mechanism since 
it prevents further upgrades through a significant change in the password should any 
small change occur in the option status, key, or serial number of the meter. 

As per claim 10: 

With regard to the limitations of the bypass component enables a single data 
access operation by the external device. Hoffman explicitly teaches: 'The upgrade 
command identifying the desired option or upgrade is programmed into the upgrade 
software program" (Hoffman, column 2, line 62-64). 

"The password is generated by processing a software key and a serial number of 
the meter with an authentication program by a processor external to the meter 41 
(Hoffman, column 4, lines 47-50). 

The upgrade software program above sends a command identifying the desired 
option, which enables a data access operation for upgrading the meter through an 
external device (Hoffman, column 2, lines 62-64). 

"The counter is decremented each time an upgrade is downloaded to a meter, so 
that only the number of upgrades purchased can be enabled" (Hoffman, column 4, lines 
65-67). 

It should be clear from the above references, that the counter above functions as 
an unlock timer providing limited data access for a period based on the number of 
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upgrades purchased that can be enabled and that upgrading is done through an 
external device. 

As per claim 1 1 : 

• With regard to the limitations of the security component and bypass component 
are implemented by a procedure. Hoffman explicitly teaches: The upgrade 
command identifying the desired option or upgrade is programmed into the 
upgrade software program" (Hoffman, column 4, line 63-65). 

o The security component and the upgrade software program are equivalent 
per Claim 2's rejection and it is well known in the art that software 
programs contain and are developed through the use of procedures, 
o The bypass component and the upgrade software program are equivalent 
per Claim 1's rejection and it is well known in the art that software 
programs contain and are developed through the use of procedures. 

As per claim 12: 

With regard to the limitations of the procedure is a computer program executed 
by a processor in the utility meter Hoffman explicitly teaches: "The password along 
with an upgrade command are presented to the meter where they are compared to the 
read-protected passwords in the RAM of the meter, and, if there is a match, then the 
upgrade command initiates the ROM codes for implementing one or more stored 
options or upgrades (Hoffman, column 4, lines 57-63). 
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The comparison of passwords is obviously done, to someone skilled in the art, by 
the meter's internal processor and the processor also responds thereafter to the 
upgrade command. 

As per claim 18: 

With regard to the limitations of generating the access key with an encryption 
function, Hoffman explicitly teaches: "After 330 cycles, the contents of bytes B30, B31, 
B32, and B33 are defined to be the password corresponding to the specific key, meter 
serial number, and option. The authentication algorithm being known will not in of itself 
allow recovery of the secret key. Further, if a single bit is changed in the serial number, 
the option byte, or the key, then the authentication password will change in a difficult to 
predict fashion" (Hoffman, column 5, lines 47-54). 

The authentication algorithm being known does not in and of itself allow recovery 
of the secret key, is indicative of and the result of, to on skilled in the art, to an 
encryption function. 

As per claim 19: 

With regard to the limitations of generating the access key with a hashing 
function. Hoffman explicitly teaches: It will be appreciated that the change in the option 
status has resulted in a significant change in the password. This is also the case for a 
small change in the serial number or the key." (Hoffman, column 6, lines 3-6). 
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This result is indicative of and the result of, to on skilled in the art, to a hashing 
function, where the fundamental property of all hash functions is that if two hashes, 
according to the same function, are different, then the two inputs are different in some 
way. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas C. West whose telephone number is 571-270- 
1236. The examiner can normally be reached on M-R 7:30am - 5pm EST, ALT Fridays 
off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Reagan can be reached on 571-272-6710. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Thomas West 
Patent Examiner 
Art Unit 3621 
March 14, 2007 
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